General
Target: W0rd.dll
Size: 329KB
Sample: 210204-swqgsl6yqj
MD5: 8785d193a5f9fbc93169b4b36ac4531d
SHA1: 19d5cf757875b3de0d65c7e36f2f552c57d2cb93
SHA256: 34636f51f1f6be19912cbebdcb4f9eed873a42ffa05e0ad3b00949e57a814cf8
SHA512: bae1e03030caa43b8e5b5d5eaa912aede9bb545a9ad8dddec3736f67e43a0c30ad00392733fcccda8c1c9b5143dfe2290504be2ec74a198f2a35111381728b06
Static task: static1
Behavioral task: behavioral1
Sample: W0rd.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: W0rd.dll
Resource: win10v20201028
Malware Config
Extracted
hancitor
0402_pogi
http://feirecropl.com/8/forum.php
http://oresteseu.ru/8/forum.php
http://respoishis.ru/8/forum.php
Targets
Target: W0rd.dll
Size: 329KB
MD5: 8785d193a5f9fbc93169b4b36ac4531d
SHA1: 19d5cf757875b3de0d65c7e36f2f552c57d2cb93
SHA256: 34636f51f1f6be19912cbebdcb4f9eed873a42ffa05e0ad3b00949e57a814cf8
SHA512: bae1e03030caa43b8e5b5d5eaa912aede9bb545a9ad8dddec3736f67e43a0c30ad00392733fcccda8c1c9b5143dfe2290504be2ec74a198f2a35111381728b06
Score: 10/10
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext